package cn.zxh.improvement.auth.security.config;

import cn.zxh.improvement.auth.security.entrypoint.CustomAuthenticationEntryPoint;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.SecurityFilterChain;

import static cn.zxh.improvement.auth.security.authentication.admin.password.AdminPasswordConfigurer.adminPassLogin;
import static cn.zxh.improvement.auth.security.authentication.admin.sms.AdminSmsConfigurer.adminSmsLogin;
import static cn.zxh.improvement.auth.security.authentication.user.password.UserPasswordConfigurer.userPassLogin;
import static cn.zxh.improvement.auth.security.authentication.user.sms.UserSmsConfigurer.userSmsLogin;

@EnableWebSecurity
@Configuration
public class SecurityConfig {

    /**
     * 用户登录的
     *
     * @param httpSecurity
     * @return
     * @throws Exception
     */
    @Bean
    public SecurityFilterChain userLoginFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.antMatcher("/user/**");
        httpSecurity.apply(userPassLogin());
        httpSecurity.apply(userSmsLogin());
        httpSecurity.csrf(AbstractHttpConfigurer::disable);

        // 前后端分离，不需要session
        httpSecurity.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        // 异常
        httpSecurity.exceptionHandling(exception -> {
            // 登录不进去
            exception.authenticationEntryPoint(entryPoint());
            // 没有被授权, 授权以后到web全做，这里只做登录
//            exception.accessDeniedHandler();
        });
        httpSecurity.authorizeRequests(request -> request.antMatchers("/user/**").permitAll());

        return httpSecurity.build();
    }

    /**
     * admin登录的
     *
     * @param httpSecurity
     * @return
     * @throws Exception
     */
    @Bean
    public SecurityFilterChain adminLoginFilterChain(HttpSecurity httpSecurity) throws Exception {
        httpSecurity.antMatcher("/admin/**");
        httpSecurity.apply(adminPassLogin());
        httpSecurity.apply(adminSmsLogin());

        httpSecurity.csrf(AbstractHttpConfigurer::disable);

        // 前后端分离，不需要session
        httpSecurity.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
        // 异常
        httpSecurity.exceptionHandling(exception -> {
            // 登录不进去
            exception.authenticationEntryPoint(entryPoint());
            // 没有被授权, 授权以后到web全做，这里只做登录
//            exception.accessDeniedHandler();
        });
        httpSecurity.authorizeRequests(request -> request.antMatchers("/admin/**").permitAll());
        return httpSecurity.build();
    }

    @Bean
    public AuthenticationEntryPoint entryPoint() {
        return new CustomAuthenticationEntryPoint();
    }
}
